(IN PROGRESS STILL…)

Course visibility in course listings (Find Courses page, home page) is controlled by the following:

• lms/djangoapps/branding/__init__.py:get_visible_courses will check
  • microsite course_org_filter value: if a microsite domain is set to only show a certain org, courses from all other orgs will be filtered out.
  • legacy (pre current microsite implementation) filter course ids by domain feature from settings.COURSE_LISTINGS entry for current subdomain
  • if we are not in a microsite, filter out any courses that are specific to any microsites (via course_org_filter setting)
• lms/djangoapps/courseware/courses.py:get_courses will check if a user has access to a visible course using the permission defined for courses in settings via  COURSE_CATALOG_VISIBILITY_PERMISSION. This will be set to one of : see_exists, see_in_catalog. ….catalog_visibility is the name of the field on xmodule…

Also, in the specific case of InterSystems, we have modified the course Advanced Setting 
External Login Domain from its original behavior (actual field in course_module.py is called enrollment_domain).  Normally it provides a domain for external authorization for permission to enroll in a course.  We have modified it to restrict access to a course to users with email addresses matching the domain used in this field.